python/sepolicy: Fix type for cgi scripts

Message ID 20180406124909.3603-1-vmojzis@redhat.com (mailing list archive)
State Not Applicable

Commit Message

Vit Mojzis April 6, 2018, 12:49 p.m. UTC
The type generated by apache_content_template macro for cgi scripts
changed from httpd_$1_script_t to $1_script_t.
Update sepolicy accordingly.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1271324

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 python/sepolicy/sepolicy/generate.py             | 2 +-
 python/sepolicy/sepolicy/templates/executable.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Stephen Smalley April 11, 2018, 2:26 p.m. UTC | #1
On 04/06/2018 08:49 AM, Vit Mojzis wrote:
> The type generated by apache_content_template macro for cgi scripts
> changed from httpd_$1_script_t to $1_script_t.
> Update sepolicy accordingly.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1271324

This seems to be a change only present in Fedora policy, not upstream
refpolicy.  So merging this would break users of refpolicy and
potentially distributions other than Fedora.  Why was this change made,
and why wasn't a typealias added to preserve compatibility?

> 
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
>  python/sepolicy/sepolicy/generate.py             | 2 +-
>  python/sepolicy/sepolicy/templates/executable.py | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
> index f814e278..675b99d6 100644
> --- a/python/sepolicy/sepolicy/generate.py
> +++ b/python/sepolicy/sepolicy/generate.py
> @@ -347,7 +347,7 @@ class policy:
>              raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
>  
>          if type == CGI:
> -            self.name = "httpd_%s_script" % name
> +            self.name = "%s_script" % name
>          else:
>              self.name = name
>  
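Review bot: the replacement line `self.name = "%s_script" % name` in the `if type == CGI:` branch swaps one fixed naming scheme for another with no fallback, so on a policy whose apache_content_template still declares httpd_$1_script_t the generated module will name a type that is not declared. Consider selecting the prefix from what the installed policy's macro actually produces rather than hardcoding either form.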
> diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
> index f2679938..e1b17486 100644
> --- a/python/sepolicy/sepolicy/templates/executable.py
> +++ b/python/sepolicy/sepolicy/templates/executable.py
> @@ -116,7 +116,7 @@ policy_module(TEMPLATETYPE, 1.0.0)
>  
>  apache_content_template(TEMPLATETYPE)
>  
> -permissive httpd_TEMPLATETYPE_script_t;
> +permissive TEMPLATETYPE_script_t;
>  """
>  
>  te_daemon_rules="""\
>
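Review bot: the new `permissive TEMPLATETYPE_script_t;` statement is only valid if `apache_content_template(TEMPLATETYPE)` two lines above it declares exactly that type, and nothing in the template records this dependency. A short comment beside the statement naming the expected macro output would tell someone building against a policy with the older httpd_TEMPLATETYPE_script_t naming why the generated module references an undeclared type.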
Lukas Vrabec April 11, 2018, 5:40 p.m. UTC | #2
On 04/11/2018 04:26 PM, Stephen Smalley wrote:
> On 04/06/2018 08:49 AM, Vit Mojzis wrote:
>> The type generated by apache_content_template macro for cgi scripts
>> changed from httpd_$1_script_t to $1_script_t.
>> Update sepolicy accordingly.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1271324
> 
> This seems to be a change only present in Fedora policy, not upstream
> refpolicy.  So merging this would break users of refpolicy and
> potentially distributions other than Fedora.  Why was this change made,
> and why wasn't a typealias added to preserve compatibility?
> 

Hi Stephen,

You're right about this change; however, the commit in our selinux-policy
sources changing this is from 2013. I will look into it and add proper
typealiases.

Thanks for the heads-up.
Lukas.

>>
>> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
>> ---
>>  python/sepolicy/sepolicy/generate.py             | 2 +-
>>  python/sepolicy/sepolicy/templates/executable.py | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
>> index f814e278..675b99d6 100644
>> --- a/python/sepolicy/sepolicy/generate.py
>> +++ b/python/sepolicy/sepolicy/generate.py
>> @@ -347,7 +347,7 @@ class policy:
>>              raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
>>  
>>          if type == CGI:
>> -            self.name = "httpd_%s_script" % name
>> +            self.name = "%s_script" % name
>>          else:
>>              self.name = name
>>  
>> diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
>> index f2679938..e1b17486 100644
>> --- a/python/sepolicy/sepolicy/templates/executable.py
>> +++ b/python/sepolicy/sepolicy/templates/executable.py
>> @@ -116,7 +116,7 @@ policy_module(TEMPLATETYPE, 1.0.0)
>>  
>>  apache_content_template(TEMPLATETYPE)
>>  
>> -permissive httpd_TEMPLATETYPE_script_t;
>> +permissive TEMPLATETYPE_script_t;
>>  """
>>  
>>  te_daemon_rules="""\
>>
>
Patch

diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index f814e278..675b99d6 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -347,7 +347,7 @@  class policy:
             raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
 
         if type == CGI:
-            self.name = "httpd_%s_script" % name
+            self.name = "%s_script" % name
         else:
             self.name = name
 
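Review bot: the CGI naming rule is now spelled out in two places that have to change together, the `"%s_script" % name` format string in this branch and the `permissive TEMPLATETYPE_script_t;` literal in templates/executable.py. A shared constant, or at least a cross-reference comment at each site, would keep a later rename from updating one and missing the other. Separately, the context line's message reads "alpha numberic"; correcting it to "alphanumeric" would fit a follow-up patch.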
diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
index f2679938..e1b17486 100644
--- a/python/sepolicy/sepolicy/templates/executable.py
+++ b/python/sepolicy/sepolicy/templates/executable.py
@@ -116,7 +116,7 @@  policy_module(TEMPLATETYPE, 1.0.0)
 
 apache_content_template(TEMPLATETYPE)
 
-permissive httpd_TEMPLATETYPE_script_t;
+permissive TEMPLATETYPE_script_t;
 """
 
 te_daemon_rules="""\
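Review bot: the changed `permissive` line is the only place in this hunk that names the script type, and the diffstat (2 files changed, 2 insertions, 2 deletions) shows no test or documentation update alongside it. A check that a generated CGI module compiles against the target policy would catch the next drift between this template and apache_content_template before users do.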